Apache POI, which is bundled with IBM WebSphere Dashboard Framework, could allow a remote attacker to obtain sensitive information.
IBM WebSphere Dashboard Framework (WDF) bundles a copy of Apache POI, which is used by the spreadsheet integration functionality.
CVEID: CVE-2016-5000**
DESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when XLSX2CSV example uses Javaโs XML components to parse OpenXML files. An attacker could exploit this vulnerability using an XML document containing an external entity reference to read arbitrary files on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
WebSphere Dashboard Framework 7.0.1
_
Product_
|
_ VRMF_|
_ APAR _|
โ|โ|โ|โ
WebSphere Dashboard Framework| 7.0.1| LO90165| Download the fix
None
CPE | Name | Operator | Version |
---|---|---|---|
websphere dashboard framework | eq | 7.0.1 |